add support for IAM Group authentication to google_sql_user (#9578) (#16681)

[upstream:05c4410c0e599f33ab255e3820187855c82c7739]

Signed-off-by: Modular Magician <[email protected]>
modular-magician authored Dec 5, 2023
1 parent 2edc05f commit 0ecdc7f
Showing 4 changed files with 38 additions and 3 deletions.
3 changes: 3 additions & 0 deletions .changelog/9578.txt
@@ -0,0 +1,3 @@
```release-note: enhancement
sql: added support for IAM GROUP authentication in the `type` field of `google_sql_user`
```
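Review bot: the release note names only "IAM GROUP", while the `type` field in this change gains three distinct values (`CLOUD_IAM_GROUP`, `CLOUD_IAM_GROUP_USER`, `CLOUD_IAM_GROUP_SERVICE_ACCOUNT`); listing all three here lets someone reading the changelog see which one applies to them without opening the resource docs.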
6 changes: 4 additions & 2 deletions google/services/sql/resource_sql_user.go
@@ -104,8 +104,10 @@ func ResourceSqlUser() *schema.Resource {
ForceNew: true,
DiffSuppressFunc: tpgresource.EmptyOrDefaultStringSuppress("BUILT_IN"),
Description: `The user type. It determines the method to authenticate the user during login.
The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT".`,
ValidateFunc: validation.StringInSlice([]string{"BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", ""}, false),
The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT",
"CLOUD_IAM_GROUP", "CLOUD_IAM_GROUP_USER" or "CLOUD_IAM_GROUP_SERVICE_ACCOUNT".`,
ValidateFunc: validation.StringInSlice([]string{"BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT",
"CLOUD_IAM_GROUP", "CLOUD_IAM_GROUP_USER", "CLOUD_IAM_GROUP_SERVICE_ACCOUNT", ""}, false),
},
"sql_server_user_details": {
Type: schema.TypeList,
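Review bot: the validator only checks that `type` is one of the listed strings; nothing in this hunk ties the three new group values to the `host` or `password` arguments, so a group user declared with a password is accepted by the schema and only the API can reject it. Because `type` is `ForceNew: true`, switching an existing user from `CLOUD_IAM_USER` to `CLOUD_IAM_GROUP_USER` destroys and recreates the user; the description string should say that, and should say whether `password` is meaningful for the three group types, since the doc examples in this change omit it while the test fixture sets it.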
11 changes: 11 additions & 0 deletions google/services/sql/resource_sql_user_test.go
@@ -28,6 +28,7 @@ func TestAccSqlUser_mysql(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckGoogleSqlUserExists(t, "google_sql_user.user1"),
testAccCheckGoogleSqlUserExists(t, "google_sql_user.user2"),
testAccCheckGoogleSqlUserExists(t, "google_sql_user.user3"),
),
},
{
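Review bot: the added check only asserts that `google_sql_user.user3` exists, which would pass even if the API silently stored it as a built-in user; adding `resource.TestCheckResourceAttr("google_sql_user.user3", "type", "CLOUD_IAM_GROUP")` alongside the existence check verifies that the new type value actually round-trips.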
@@ -36,6 +37,7 @@ func TestAccSqlUser_mysql(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckGoogleSqlUserExists(t, "google_sql_user.user1"),
testAccCheckGoogleSqlUserExists(t, "google_sql_user.user2"),
testAccCheckGoogleSqlUserExists(t, "google_sql_user.user3"),
),
},
{
@@ -313,6 +315,15 @@ resource "google_sql_user" "user2" {
instance = google_sql_database_instance.instance.name
host = "gmail.com"
password = "hunter2"
type = "CLOUD_IAM_USER"
}
resource "google_sql_user" "user3" {
name = "admin"
instance = google_sql_database_instance.instance.name
host = "gmail.com"
password = "hunter3"
type = "CLOUD_IAM_GROUP"
}
`, instance, password)
}
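Review bot: `user3` is declared with `type = "CLOUD_IAM_GROUP"` but also `name = "admin"`, `host = "gmail.com"` and `password = "hunter3"`, which is the shape of a built-in MySQL user; the documentation examples in this same change give the group types only `name`, `instance` and `type`, with an email-style name. Either the fixture should match the documented shape (a group-style name, no password) or the docs should state that `host` and `password` are accepted for group users, otherwise the test exercises a configuration the docs never show. Also, `resource "google_sql_user" "user3" {` is appended directly after the closing brace of `user2`; a blank line between the two blocks keeps the fixture readable.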
21 changes: 20 additions & 1 deletion website/docs/r/sql_user.html.markdown
@@ -72,6 +72,24 @@ resource "google_sql_user" "iam_service_account_user" {
instance = google_sql_database_instance.main.name
type = "CLOUD_IAM_SERVICE_ACCOUNT"
}
resource "google_sql_user" "iam_group" {
name = "[email protected]"
instance = google_sql_database_instance.main.name
type = "CLOUD_IAM_GROUP"
}
resource "google_sql_user" "iam_group_user" {
name = "[email protected]"
instance = google_sql_database_instance.main.name
type = "CLOUD_IAM_GROUP_USER"
}
resource "google_sql_user" "iam_group_service_account_user" {
name = "[email protected]"
instance = google_sql_database_instance.main.name
type = "CLOUD_IAM_GROUP_SERVICE_ACCOUNT"
}
```

## Argument Reference
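Review bot: the three new examples show the syntax but nothing explains what distinguishes `CLOUD_IAM_GROUP` from `CLOUD_IAM_GROUP_USER` and `CLOUD_IAM_GROUP_SERVICE_ACCOUNT`, or what `name` is expected to hold for each (the examples use email-style names, but the argument reference does not say). A one-line comment or lead-in sentence per resource block, and a blank line between the blocks, would make the examples usable without reading the API reference.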
@@ -91,7 +109,8 @@ The following arguments are supported:

* `type` - (Optional) The user type. It determines the method to authenticate the
user during login. The default is the database's built-in user type. Flags
include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT".
include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT",
"CLOUD_IAM_GROUP", "CLOUD_IAM_GROUP_USER" or "CLOUD_IAM_GROUP_SERVICE_ACCOUNT".

* `deletion_policy` - (Optional) The deletion policy for the user.
Setting `ABANDON` allows the resource to be abandoned rather than deleted. This is useful
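Review bot: the `type` entry now lists six flags with no description of what each one means, and it does not mention that the attribute is `ForceNew: true` in the schema hunk, so changing `type` on an existing user destroys and recreates it. Since `deletion_policy` is documented immediately below, a sentence here noting that a `type` change triggers a replacement, and therefore interacts with `deletion_policy`, would save users an unexpected user deletion.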
